Many other features depend on a user being able to log in at the Ultimate Sims List, so this this is a core capability.

I plan to use the Sun Sims user database so that folks only need to create on login ID. The tricky part is figuring out whether a user is already logged in without opening a big security hole.

The best way to do this seems to be to use cookies. This would assume that if a user's web browser can send a correct username and password in a cookie, then that's an authorized user. If we use cookies, they'll need to expire after some time and the user needs a "logout" feature that will clear cookies immediately.

So far, so good. I already know how to query the database. Now I just need to dig up the stuff on how to hash passwords and work with cookies.